Cloudflare introduces automatic scoring for Shadow AI risk assessments



At AI Week 2025, Cloudflare announced the Application Trust Score, an automated rating system designed to help organizations assess the safety and security of third-party AI applications at scale.

The new scoring system is meant to address the growing challenges of “Shadow IT” and “Shadow AI,” in which employees use unauthorized generative AI tools that may expose sensitive corporate data to security risks, have lax security practices, or retain user data for long periods of time.

The scoring system provides two separate 1-5 ratings for each AI application: an application confidence score that measures general SaaS maturity, and a Gen-AI trust score that focuses on risks specific to generative AI. Ayush Kumar, senior product manager at Cloudflare, and Sharon Goldberg, product director at Cloudflare and former founder of BastionZero, explain why the scoring system can help security teams define AI access policies at scale:

The score is not based on vibes or black-box “learning algorithms” or “artificial intelligence engines.” Subjective and large-scale judgments can be difficult to implement reliably and consistently over time, so we avoid subjective judgments and large-scale red-teaming. Instead, the score is calculated against the objective rubrics that we will explain in detail in this blog. Our rubrics are published in the Cloudflare developer documentation and are kept up to date.

Among the criteria used to calculate the application confidence score, the article highlights regulatory compliance (SOC 2, GDPR, ISO 27001), data management practices, security management, and financial stability (to assess the long-term viability of the company behind the application). The Gen-AI trust score focuses on the deployment security model, model card availability, and training on user prompts.

Source: Cloudflare Blog

Walter Haydock, founder of StackAware, commented:

Cloudflare's new “AI Application Trust Score” takes into account ISO 42001. I'm curious to see how this is determined, as both “certification” and “compliance” are not necessarily the same in blog posts.

Each component of the rubric, which tests security and compliance practices, is based on published data, including privacy policies, security documents, compliance certifications, model cards, and incident reports. If data is unavailable, no points are assigned. According to Cloudflare, crawlers are used to collect public information. AI is used solely for extracting information and calculating scores, within automated systems that incorporate human oversight to improve accuracy.

So far, the team has explained how the scoring logic works, but the scores are not yet available in the managed service. They will be available as part of a new suite of AI Security Posture Management (AI-SPM) capabilities on the Cloudflare One SASE platform, but no date has been announced. Kumar and Goldberg confirm:

Today we are releasing a scoring rubric to seek feedback from the community. However, you will soon see the reliability scores for these Cloudflare applications integrated into the application library on the SASE platform. Customers can simply click or hover over the score to reveal a detailed breakdown of the score rubrics and underlying components.

During AI Week 2025, Cloudflare announced other features aimed at protecting access to AI. These included data-driven views of the AI tools used by employees, API CASB controls for AI covering dangerous configurations, data loss, and security issues, and an MCP server portal for observing all MCP connections within the organization. Additionally, AI Quick Protection is currently in beta and supports ChatGPT, Claude, Gemini and Perplexity.




